Search results: resource list
Deterministic finite automaton parsing core
- The core function is a state-switching function, CAjaxParserDlg::Route. It analyzes the input text according to a DFA. In other words, if you build a new DFA, you can analyze a new lexical grammar. The DFA is initialized in CAjaxParserDlg::OnInitDialog.
Hooking_the_kernel_directly
- Direct kernel hooks. Teaches you how to write kernel function hooks in C. The file includes detailed documentation and code.
HideProcessHookMDL
- Intercepts kernel functions through driver programming to hide processes; today's Trojans generally use this technique.
migbot
- Kernel function detour patch; classic source code for rootkit techniques.
NtQuerySystemInformation
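- A process listing program built with the kernel function NtQuerySystemInformation,
Microsoft's undocumented API function NtQuerySystemInformation
- IN OUT PVOID SystemInformation, IN ULONG SystemInformationLength, OUT PULONG ReturnLength OPTIONAL); NTQUERYSYSTEMINFORMATION NtQuerySystemInformation; From this we can see that SystemInformationClass is type information; it offers roughly 50-odd kinds of information, in other words, through this function we can, for roughly 50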
ZwLoadDriver
- Loads a driver by calling the original kernel function rather than by registering a service.
Kernel_KeUserModeCallback
- A good learning example of calling user-mode functions from kernel mode, using the KeUserModeCallback kernel function and a callback object to make the call.
NtQuerySystemInformation
- An article on how to hook the NtQuerySystemInformation kernel function at the Windows driver layer. It describes every parameter of the function and its usage in great detail.
inlinehookAndADE32
- inline hook & ADE 32 (disassembly engine); can be used to dynamically inline-hook any kernel function.
RegDriver
- Ring0-level registry operations! Driver development often involves working with the registry. Unlike the Win32 API, the DDK provides a separate set of functions for registry operations; this code gives examples of all registry operations in kernel mode!
80478EVC_ADO
- EVC kernel function calculations, covering various kinds of kernel functions; a reference for beginners.
killer
- Sometimes a deadlocked process cannot be killed even with Task Manager. This program uses kernel functions and can kill any deadlocked process. Compile the program to produce killer.exe, then run it in the following format to kill any process. killer program [program ...] For example: killer notepad.exe iexplore.exe
Driver1
- Gets the size of a kernel function; it works reasonably well. Download it, everyone
InlineHookScan
- Searches for inline hooks at the driver layer, checking whether the beginning of each kernel function in the SSDT has been inline-hooked.
conpro
- A Windows kernel program illustrating the producer-consumer problem; it includes API kernel functions.
GetKernelFunction(ForXP)
- A very simple kernel function address getter. The principle is: obtained address + kernel base address - handle of the loaded kernel file. I hope an expert can improve the method for obtaining the kernel base address.
File
- A record of the kernel functions and structures for file operations on Windows 2000, with their usage.
Registry
- A record of the kernel functions and structures for registry operations on Windows 2000, with their usage.
Memory
- A record of the kernel functions and structures for memory on Windows 2000, with their usage.